
Nat Exemption with multiple interfaces

alyasrazzaq
Level 1

Hi, I am running v8 of the PIX software with the following config:

inside interface - sec level 100

outside1 interface sec level 0

outside2 interface sec level 2

My question is this: if I have a single NAT exemption statement, i.e. 'nat (inside) 0', and 2 outside interfaces, should the NAT exemption statement work for traffic destined for both interfaces?

I currently have several IPSEC VPN tunnels configured, and I have switched one of the tunnels over to use the outside2 interface with a new IP address. The tunnel comes up, the remote users can connect in to my network fine, however, I can't connect to the remote users. Packet tracer in ASDM shows that my traffic matches the NAT exempt statement and it shows the traffic as going from inside to outside1 and not to outside2.

The remote end has no restrictions on the VPN tunnel.

Any help would be greatly appreciated.

Thank you

Accepted Solutions

michelcaissie
Level 1

My guess would be that your problem is not related to your nat 0 statement but is a routing problem.

Before a packet can trigger a crypto map associated with an interface, it must be routed through this interface.

If your default route is on outside1, you will need a specific route on outside2 for your tunnel traffic.

Try to add:

route outside2 [inside IP] [remote inside IP] [outside2 gateway]

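The lookup order described in the accepted answer, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model in which the egress interface is chosen by longest-prefix route match and a crypto map is only consulted on that interface. All addresses, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation-range addresses, not from the thread).
# Each route: (interface, destination network, next hop).
ROUTES = [("outside1", "0.0.0.0/0", "198.51.100.1")]          # default route only
# Crypto map bound to outside2, protecting traffic to the remote VPN subnet.
CRYPTO_MAPS = {"outside2": ["10.20.0.0/16"]}
# Same table plus a specific route for the tunnel traffic via outside2.
FIXED_ROUTES = ROUTES + [("outside2", "10.20.0.0/16", "203.0.113.1")]


def egress_interface(routes, dst):
    """Return the interface of the most specific route matching dst, or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for ifc, net, _next_hop in routes:
        network = ipaddress.ip_network(net)
        if ip in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, ifc)
    return best[1] if best else None


def tunnel_interface(routes, crypto_maps, dst):
    """Return the interface whose crypto map matches dst, or None.

    Only the crypto map on the routed egress interface is checked, so a
    tunnel defined on another interface is never triggered.
    """
    ifc = egress_interface(routes, dst)
    ip = ipaddress.ip_address(dst)
    for net in crypto_maps.get(ifc, []):
        if ip in ipaddress.ip_network(net):
            return ifc
    return None


if __name__ == "__main__":
    remote_host = "10.20.5.9"  # constructed host behind the remote peer
    for label, table in (("default route only", ROUTES),
                         ("with specific route", FIXED_ROUTES)):
        print(label,
              "| egress:", egress_interface(table, remote_host),
              "| tunnel:", tunnel_interface(table, CRYPTO_MAPS, remote_host))
```

With only the default route, the model sends the packet out outside1 and no crypto map matches, which mirrors the packet tracer result in the question; adding the specific route moves the traffic to outside2, where the crypto map applies.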

2 Replies 2

froggy3132000
Level 3

post your config
